skill-base 2.0.16 → 2.0.18

package/src/routes/auth.js

@@ -3,7 +3,7 @@ const UserModel = require('../models/user');
 const { verifyPassword, hashPassword, generateCliCode, generatePAT } = require('../utils/crypto');
 
 async function authRoutes(fastify, options) {
-  // POST /login - 用户登录
+  // POST /login - User login
   fastify.post('/login', async (request, reply) => {
     const { username, password } = request.body || {};
 
@@ -11,7 +11,7 @@ async function authRoutes(fastify, options) {
       return reply.code(400).send({ detail: 'Username and password are required' });
     }
 
-    // 查找用户
+    // Find user
     const user = UserModel.findByUsername(username);
     if (!user) {
       return reply.code(401).send({ detail: 'Invalid username or password' });
@@ -38,7 +38,7 @@ async function authRoutes(fastify, options) {
     return { ok: true, user: { id: user.id, username: user.username, name: user.name || null, role: user.role } };
   });
 
-  // POST /logout - 用户登出
+  // POST /logout - User logout
   fastify.post('/logout', async (request, reply) => {
     const sessionId = request.cookies?.session_id;
     if (sessionId) {
@@ -48,14 +48,14 @@ async function authRoutes(fastify, options) {
     return { ok: true };
   });
 
-  // POST /cli-code/generate - 生成 CLI 验证码
+  // POST /cli-code/generate - Generate CLI verification code
   fastify.post('/cli-code/generate', {
     preHandler: [fastify.authenticate]
   }, async (request, reply) => {
     const code = generateCliCode();
     const expiresAt = new Date(Date.now() + 5 * 60 * 1000).toISOString();
 
-    // 写入 cli_auth_codes 表
+    // Write to cli_auth_codes table
     db.prepare(`
       INSERT INTO cli_auth_codes (code, user_id, expires_at, used)
       VALUES (?, ?, ?, FALSE)
@@ -64,7 +64,7 @@ async function authRoutes(fastify, options) {
     return { ok: true, code, expires_at: expiresAt };
   });
 
-  // POST /cli-code/verify - 验证 CLI 验证码
+  // POST /cli-code/verify - Verify CLI verification code
   fastify.post('/cli-code/verify', async (request, reply) => {
     const { code } = request.body || {};
 
@@ -72,7 +72,7 @@ async function authRoutes(fastify, options) {
       return reply.code(400).send({ detail: 'Code is required' });
     }
 
-    // 查找验证码：未使用且未过期
+    // Find verification code: unused and not expired
     const codeRecord = db.prepare(`
       SELECT * FROM cli_auth_codes
       WHERE code = ? AND used = FALSE AND expires_at > datetime('now')
@@ -82,17 +82,17 @@ async function authRoutes(fastify, options) {
       return reply.code(401).send({ detail: 'Invalid or expired code' });
     }
 
-    // 标记为已使用
+    // Mark as used
     db.prepare('UPDATE cli_auth_codes SET used = TRUE WHERE code = ?').run(code);
 
-    // 生成 PAT
+    // Generate PAT
     const token = generatePAT();
     db.prepare(`
       INSERT INTO personal_access_tokens (token, user_id, description)
       VALUES (?, ?, ?)
     `).run(token, codeRecord.user_id, 'CLI generated token');
 
-    // 获取用户信息
+    // Get user info
     const user = UserModel.findById(codeRecord.user_id);
 
     return {
@@ -102,31 +102,31 @@ async function authRoutes(fastify, options) {
     };
   });
 
-  // GET /me - 获取当前用户信息
+  // GET /me - Get current user info
   fastify.get('/me', {
     preHandler: [fastify.authenticate]
   }, async (request, reply) => {
     return request.user;
   });
 
-  // PATCH /me - 更新个人信息（用户名和姓名）
+  // PATCH /me - Update personal info (username and name)
   fastify.patch('/me', {
     preHandler: [fastify.authenticate]
   }, async (request, reply) => {
     const { username, name } = request.body || {};
 
-    // 至少需要提供一个字段
+    // At least one field must be provided
     if (username === undefined && name === undefined) {
       return reply.code(400).send({ ok: false, error: 'invalid_params', detail: 'At least one field must be provided' });
     }
 
-    // 验证用户名
+    // Validate username
     if (username !== undefined) {
       if (typeof username !== 'string' || username.trim().length === 0) {
         return reply.code(400).send({ ok: false, error: 'invalid_params', detail: 'Username cannot be empty' });
       }
       const trimmed = username.trim();
-      // 检查用户名是否已存在（排除自己）
+      // Check if username already exists (exclude self)
       const existing = UserModel.findByUsername(trimmed);
       if (existing && existing.id !== request.user.id) {
         return reply.code(400).send({ ok: false, error: 'username_exists', detail: 'Username already exists' });
@@ -142,7 +142,7 @@ async function authRoutes(fastify, options) {
     return reply.send({ ok: true, user: updated });
   });
 
-  // POST /me/change-password - 修改密码
+  // POST /me/change-password - Change password
   fastify.post('/me/change-password', {
     preHandler: [fastify.authenticate]
   }, async (request, reply) => {
@@ -156,7 +156,7 @@ async function authRoutes(fastify, options) {
       return reply.code(400).send({ ok: false, error: 'invalid_params', detail: 'New password must be at least 6 characters' });
     }
 
-    // 验证旧密码 - 需要获取含密码的用户信息
+    // Verify old password - need to get user info with password
     const user = UserModel.findByUsername(request.user.username);
 
     if (!verifyPassword(old_password, user.password_hash)) {

package/src/routes/collaborators.js

@@ -5,11 +5,11 @@ const { invalidateSkill } = require('../utils/model-cache');
 
 async function collaboratorsRoutes(fastify, options) {
 
-  // GET /:skill_id/collaborators - 获取协作者列表（公开）
+  // GET /:skill_id/collaborators - Get collaborators list (public)
   fastify.get('/:skill_id/collaborators', async (request, reply) => {
     const { skill_id } = request.params;
     
-    // 检查 Skill 是否存在
+    // Check if Skill exists
     const skill = db.prepare('SELECT id FROM skills WHERE id = ?').get(skill_id);
     if (!skill) {
       return reply.code(404).send({ ok: false, error: 'not_found', detail: 'Skill not found' });
@@ -42,25 +42,25 @@ async function collaboratorsRoutes(fastify, options) {
     return reply.send({ skill_id, collaborators: result });
   });
 
-  // POST /:skill_id/collaborators - 添加协作者（owner/admin）
+  // POST /:skill_id/collaborators - Add collaborator (owner/admin)
   fastify.post('/:skill_id/collaborators', {
     preHandler: [fastify.authenticate]
   }, async (request, reply) => {
     const { skill_id } = request.params;
     const { user_id, username } = request.body || {};
     
-    // 检查 Skill 是否存在
+    // Check if Skill exists
     const skill = db.prepare('SELECT id FROM skills WHERE id = ?').get(skill_id);
     if (!skill) {
       return reply.code(404).send({ ok: false, error: 'not_found', detail: 'Skill not found' });
     }
     
-    // 权限检查
+    // Permission check
     if (!canManageSkill(request.user, skill_id)) {
       return reply.code(403).send({ ok: false, error: 'forbidden', detail: 'Owner or admin permission required' });
     }
     
-    // 查找目标用户
+    // Find target user
     let targetUser;
     if (user_id) {
       targetUser = UserModel.findById(parseInt(user_id));
@@ -72,7 +72,7 @@ async function collaboratorsRoutes(fastify, options) {
       return reply.code(404).send({ ok: false, error: 'not_found', detail: 'User not found' });
     }
     
-    // 检查是否已是协作者
+    // Check if already a collaborator
     const existing = db.prepare(
       'SELECT id FROM skill_collaborators WHERE skill_id = ? AND user_id = ?'
     ).get(skill_id, targetUser.id);
@@ -81,7 +81,7 @@ async function collaboratorsRoutes(fastify, options) {
       return reply.code(400).send({ ok: false, error: 'already_collaborator', detail: 'User is already a collaborator' });
     }
     
-    // 添加协作者
+    // Add collaborator
     const result = db.prepare(
       'INSERT INTO skill_collaborators (skill_id, user_id, role, created_by) VALUES (?, ?, ?, ?)'
     ).run(skill_id, targetUser.id, 'collaborator', request.user.id);
@@ -98,24 +98,24 @@ async function collaboratorsRoutes(fastify, options) {
     });
   });
 
-  // DELETE /:skill_id/collaborators/:user_id - 移除协作者（owner/admin）
+  // DELETE /:skill_id/collaborators/:user_id - Remove collaborator (owner/admin)
   fastify.delete('/:skill_id/collaborators/:user_id', {
     preHandler: [fastify.authenticate]
   }, async (request, reply) => {
     const { skill_id, user_id } = request.params;
     
-    // 检查 Skill 是否存在
+    // Check if Skill exists
     const skill = db.prepare('SELECT id FROM skills WHERE id = ?').get(skill_id);
     if (!skill) {
       return reply.code(404).send({ ok: false, error: 'not_found', detail: 'Skill not found' });
     }
     
-    // 权限检查
+    // Permission check
     if (!canManageSkill(request.user, skill_id)) {
       return reply.code(403).send({ ok: false, error: 'forbidden', detail: 'Owner or admin permission required' });
     }
     
-    // 检查协作者记录
+    // Check collaborator record
     const collaborator = db.prepare(
       'SELECT id, role FROM skill_collaborators WHERE skill_id = ? AND user_id = ?'
     ).get(skill_id, parseInt(user_id));
@@ -124,7 +124,7 @@ async function collaboratorsRoutes(fastify, options) {
       return reply.code(404).send({ ok: false, error: 'not_found', detail: 'Collaborator not found' });
     }
     
-    // 不能移除所有者
+    // Cannot remove owner
     if (collaborator.role === 'owner') {
       return reply.code(400).send({ ok: false, error: 'cannot_remove_owner', detail: 'Cannot remove the owner' });
     }
@@ -136,7 +136,7 @@ async function collaboratorsRoutes(fastify, options) {
     return reply.send({ ok: true, message: 'Collaborator removed' });
   });
 
-  // POST /:skill_id/transfer-ownership - 转移所有权（owner/admin，事务）
+  // POST /:skill_id/transfer-ownership - Transfer ownership (owner/admin, transaction)
   fastify.post('/:skill_id/transfer-ownership', {
     preHandler: [fastify.authenticate]
   }, async (request, reply) => {
@@ -147,13 +147,13 @@ async function collaboratorsRoutes(fastify, options) {
       return reply.code(400).send({ ok: false, error: 'invalid_params', detail: 'New owner must be specified' });
     }
     
-    // 检查 Skill 并获取当前所有者
+    // Check Skill and get current owner
     const skill = db.prepare('SELECT id, owner_id FROM skills WHERE id = ?').get(skill_id);
     if (!skill) {
       return reply.code(404).send({ ok: false, error: 'not_found', detail: 'Skill not found' });
     }
     
-    // 权限检查
+    // Permission check
     if (!canManageSkill(request.user, skill_id)) {
       return reply.code(403).send({ ok: false, error: 'forbidden', detail: 'Owner or admin permission required' });
     }
@@ -164,23 +164,23 @@ async function collaboratorsRoutes(fastify, options) {
       return reply.code(400).send({ ok: false, error: 'same_owner', detail: 'New owner is the same as current owner' });
     }
     
-    // 检查新所有者是否存在
+    // Check if new owner exists
     const newOwner = UserModel.findById(newOwnerId);
     if (!newOwner) {
       return reply.code(404).send({ ok: false, error: 'not_found', detail: 'User not found' });
     }
     
-    // 事务操作
+    // Transaction operation
     const transferTx = db.transaction(() => {
-      // 1. 更新 skills 表 owner_id
+      // 1. Update skills table owner_id
       db.prepare('UPDATE skills SET owner_id = ?, updated_at = datetime("now") WHERE id = ?')
         .run(newOwnerId, skill_id);
       
-      // 2. 原所有者降级为 collaborator
+      // 2. Demote original owner to collaborator
       db.prepare('UPDATE skill_collaborators SET role = "collaborator" WHERE skill_id = ? AND user_id = ?')
         .run(skill_id, skill.owner_id);
       
-      // 3. 新所有者升级为 owner（如不存在则新增）
+      // 3. Promote new owner to owner (insert if not exists)
       const existing = db.prepare(
         'SELECT id FROM skill_collaborators WHERE skill_id = ? AND user_id = ?'
       ).get(skill_id, newOwnerId);
@@ -204,14 +204,14 @@ async function collaboratorsRoutes(fastify, options) {
     });
   });
 
-  // DELETE /:skill_id - 删除 Skill（owner/admin，需 confirm 参数，事务）
+  // DELETE /:skill_id - Delete Skill (owner/admin, requires confirm parameter, transaction)
   fastify.delete('/:skill_id', {
     preHandler: [fastify.authenticate]
   }, async (request, reply) => {
     const { skill_id } = request.params;
     const { confirm } = request.query;
     
-    // 确认参数校验
+    // Confirm parameter validation
     if (confirm !== skill_id) {
       return reply.code(400).send({
         ok: false,
@@ -220,22 +220,22 @@ async function collaboratorsRoutes(fastify, options) {
       });
     }
     
-    // 检查 Skill 是否存在
+    // Check if Skill exists
     const skill = db.prepare('SELECT id FROM skills WHERE id = ?').get(skill_id);
     if (!skill) {
       return reply.code(404).send({ ok: false, error: 'not_found', detail: 'Skill not found' });
     }
     
-    // 权限检查
+    // Permission check
     if (!canManageSkill(request.user, skill_id)) {
       return reply.code(403).send({ ok: false, error: 'forbidden', detail: 'Owner or admin permission required' });
     }
     
-    // 获取版本数量（用于响应）
+    // Get versions count (for response)
     const versionsCount = db.prepare('SELECT COUNT(*) as count FROM skill_versions WHERE skill_id = ?')
       .get(skill_id).count;
     
-    // 事务删除
+    // Transaction delete
     const deleteSkillTx = db.transaction(() => {
       db.prepare('DELETE FROM skill_versions WHERE skill_id = ?').run(skill_id);
       db.prepare('DELETE FROM skill_collaborators WHERE skill_id = ?').run(skill_id);
@@ -245,7 +245,7 @@ async function collaboratorsRoutes(fastify, options) {
     deleteSkillTx();
     invalidateSkill(skill_id);
     
-    // 删除文件系统中的文件
+    // Delete files from filesystem
     const fs = require('fs');
     const path = require('path');
     const { getDataDir } = require('../utils/zip');

package/src/routes/init.js

@@ -2,13 +2,13 @@ const bcrypt = require('bcryptjs');
 const db = require('../database');
 
 /**
- * 系统初始化路由
+ * System initialization routes
  * @param {import('fastify').FastifyInstance} fastify
  */
 async function initRoutes(fastify) {
     /**
      * GET /api/v1/init/status
-     * 检查系统是否需要初始化（是否存在管理员用户）
+     * Check if system needs initialization (whether admin user exists)
      */
     fastify.get('/status', async (request, reply) => {
         const adminCount = db.prepare(
@@ -22,11 +22,11 @@ async function initRoutes(fastify) {
 
     /**
      * POST /api/v1/init/setup
-     * 初始化系统管理员账号
+     * Initialize system admin account
      * Body: { username, password }
      */
     fastify.post('/setup', async (request, reply) => {
-        // 检查是否已经初始化
+        // Check if already initialized
         const adminCount = db.prepare(
             "SELECT COUNT(*) as count FROM users WHERE role = 'admin'"
         ).get();
@@ -39,7 +39,7 @@ async function initRoutes(fastify) {
         
         const { username, password } = request.body || {};
         
-        // 验证输入
+        // Validate input
         if (!username || !password) {
             return reply.code(400).send({ 
                 error: 'Username and password are required' 
@@ -58,7 +58,7 @@ async function initRoutes(fastify) {
             });
         }
         
-        // 检查用户名是否已存在
+        // Check if username already exists
         const existingUser = db.prepare(
             'SELECT id FROM users WHERE username = ?'
         ).get(username);
@@ -69,7 +69,7 @@ async function initRoutes(fastify) {
             });
         }
         
-        // 创建管理员账号
+        // Create admin account
         const passwordHash = bcrypt.hashSync(password, 10);
         const result = db.prepare(
             'INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)'

package/src/routes/publish.js

@@ -7,7 +7,7 @@ const { ensureSkillDir, generateVersionNumber, getZipPath, getZipRelativePath }
 const { canPublishSkill } = require('../utils/permission');
 
 async function publishRoutes(fastify, options) {
-  // POST /publish - 发布新版本
+  // POST /publish - Publish new version
   fastify.post('/publish', {
     preHandler: [fastify.authenticate]
   }, async (request, reply) => {
@@ -15,12 +15,12 @@ async function publishRoutes(fastify, options) {
     let zipBuffer = null;
     let zipFilename = null;
 
-    // 解析 multipart 数据
+    // Parse multipart data
     const parts = request.parts();
     for await (const part of parts) {
       if (part.type === 'file') {
         if (part.fieldname === 'zip_file') {
-          // 读取文件到 buffer
+          // Read file into buffer
           const chunks = [];
           for await (const chunk of part.file) {
             chunks.push(chunk);
@@ -33,19 +33,19 @@ async function publishRoutes(fastify, options) {
       }
     }
 
-    // 检查必须的 zip 文件
+    // Check required zip file
     if (!zipBuffer) {
       return reply.code(400).send({ detail: 'zip_file is required' });
     }
 
     const { skill_id, name, description, changelog } = fields;
 
-    // 检查 skill_id
+    // Check skill_id
     if (!skill_id) {
       return reply.code(400).send({ detail: 'skill_id is required' });
     }
 
-    // 检查发布权限
+    // Check publish permission
     if (!canPublishSkill(request.user, skill_id)) {
       return reply.code(403).send({
         ok: false,
@@ -54,15 +54,15 @@ async function publishRoutes(fastify, options) {
       });
     }
 
-    // 检查 skill 是否存在
+    // Check if skill exists
     const skillExists = SkillModel.exists(skill_id);
 
-    // 如果 skill 不存在，需要 name 字段来创建新 skill
+    // If skill does not exist, name field is required to create new skill
     if (!skillExists) {
       if (!name) {
         return reply.code(400).send({ detail: 'name is required for new skill' });
       }
-      // 使用事务创建新 skill 和添加 owner 协作者记录
+      // Use transaction to create new skill and add owner collaborator record
       const createSkillTx = db.transaction(() => {
         SkillModel.create(skill_id, name, description || '', request.user.id);
         db.prepare(
@@ -72,20 +72,20 @@ async function publishRoutes(fastify, options) {
       createSkillTx();
     }
 
-    // 生成版本号
+    // Generate version number
     const version = generateVersionNumber();
 
-    // 确保目录存在
+    // Ensure directory exists
     ensureSkillDir(skill_id);
 
-    // 写入 zip 文件
+    // Write zip file
     const zipPath = getZipPath(skill_id, version);
     fs.writeFileSync(zipPath, zipBuffer);
 
-    // 获取相对路径（存入数据库）
+    // Get relative path (stored in database)
     const zipRelativePath = getZipRelativePath(skill_id, version);
 
-    // 创建版本记录
+    // Create version record
     const versionRecord = VersionModel.create(
       skill_id,
       version,
@@ -95,7 +95,7 @@ async function publishRoutes(fastify, options) {
       description || ''
     );
 
-    // 更新 skill 的最新版本
+    // Update skill's latest version
     SkillModel.updateLatestVersion(skill_id, version);
     invalidateSkill(skill_id);
 

package/src/routes/skills.js

@@ -5,7 +5,7 @@ const VersionModel = require('../models/version');
 const { getZipPath, resolveZipPath } = require('../utils/zip');
 const { canManageSkill } = require('../utils/permission');
 
-// 格式化 skill，将 owner 转为对象
+// Format skill, convert owner to object
 function formatSkill(skill, currentUser) {
   if (!skill) return null;
   const result = {
@@ -41,7 +41,7 @@ function formatSkill(skill, currentUser) {
   return result;
 }
 
-// 格式化 version，将 uploader 转为对象
+// Format version, convert uploader to object
 function formatVersion(version) {
   if (!version) return null;
   return {
@@ -61,7 +61,7 @@ function formatVersion(version) {
 }
 
 async function skillsRoutes(fastify, options) {
-  // GET / - 获取 skills 列表
+  // GET / - Get skills list
   fastify.get('/', { preHandler: [fastify.optionalAuth] }, async (request, reply) => {
     const { q } = request.query;
     const skills = SkillModel.search(q);
@@ -73,7 +73,7 @@ async function skillsRoutes(fastify, options) {
     };
   });
 
-  // GET /:skill_id - 获取单个 skill
+  // GET /:skill_id - Get single skill
   fastify.get('/:skill_id', { preHandler: [fastify.optionalAuth] }, async (request, reply) => {
     const { skill_id } = request.params;
     const skill = SkillModel.findById(skill_id);
@@ -85,11 +85,11 @@ async function skillsRoutes(fastify, options) {
     return formatSkill(skill, request.user);
   });
 
-  // GET /:skill_id/versions - 获取 skill 的所有版本
+  // GET /:skill_id/versions - Get all versions of a skill
   fastify.get('/:skill_id/versions', async (request, reply) => {
     const { skill_id } = request.params;
 
-    // 先检查 skill 是否存在
+    // First check if skill exists
     if (!SkillModel.exists(skill_id)) {
       return reply.code(404).send({ detail: 'Skill not found' });
     }
@@ -103,7 +103,7 @@ async function skillsRoutes(fastify, options) {
     };
   });
 
-  // GET /:skill_id/versions/:version/download - 下载版本 zip 文件
+  // GET /:skill_id/versions/:version/download - Download version zip file
   fastify.get('/:skill_id/versions/:version/download', async (request, reply) => {
     const { skill_id, version } = request.params;
 
@@ -119,11 +119,11 @@ async function skillsRoutes(fastify, options) {
       return reply.code(404).send({ detail: 'Version not found' });
     }
 
-    // 优先使用数据库里的 zip_path，兼容历史数据；缺失时再回退到规则路径
+    // Prefer using zip_path from database for backward compatibility; fallback to rule-based path if missing
     const zipPath = resolveZipPath(versionRecord.zip_path, skill_id, versionRecord.version);
     const fallbackZipPath = getZipPath(skill_id, versionRecord.version);
 
-    // 检查文件是否存在
+    // Check if file exists
     if (!fs.existsSync(zipPath)) {
       if (!fs.existsSync(fallbackZipPath)) {
         return reply.code(404).send({ detail: 'Version not found' });
@@ -132,7 +132,7 @@ async function skillsRoutes(fastify, options) {
 
     const finalZipPath = fs.existsSync(zipPath) ? zipPath : fallbackZipPath;
 
-    // 设置响应头并返回文件流
+    // Set response headers and return file stream
     const fileName = `${skill_id}-${versionRecord.version}.zip`;
     reply.header('Content-Type', 'application/zip');
     reply.header('Content-Disposition', `attachment; filename="${fileName}"`);
@@ -140,7 +140,7 @@ async function skillsRoutes(fastify, options) {
     return fs.createReadStream(finalZipPath);
   });
 
-  // PUT /:skill_id - 更新 skill 的基本信息
+  // PUT /:skill_id - Update skill basic info
   fastify.put('/:skill_id', {
     preHandler: [fastify.authenticate]
   }, async (request, reply) => {
@@ -159,7 +159,7 @@ async function skillsRoutes(fastify, options) {
     return formatSkill(updated, request.user);
   });
 
-  // PUT /:skill_id/head - 设置 skill 的最新版本 (Head 指针)
+  // PUT /:skill_id/head - Set skill's latest version (Head pointer)
   fastify.put('/:skill_id/head', {
     preHandler: [fastify.authenticate]
   }, async (request, reply) => {
@@ -187,7 +187,7 @@ async function skillsRoutes(fastify, options) {
     return { ok: true, skill_id, latest_version: version };
   });
 
-  // PATCH /:skill_id/versions/:version - 更新指定版本的介绍和日志
+  // PATCH /:skill_id/versions/:version - Update description and changelog for specified version
   fastify.patch('/:skill_id/versions/:version', {
     preHandler: [fastify.authenticate]
   }, async (request, reply) => {

package/src/routes/users.js

@@ -3,8 +3,8 @@ const { hashPassword } = require('../utils/crypto');
 const db = require('../database');
 
 async function usersRoutes(fastify, options) {
-  // GET /search - 用户搜索（仅需登录，不需要管理员权限）
-  // 注意：必须在 /:user_id 之前注册
+  // GET /search - User search (login required only, no admin permission needed)
+  // Note: Must be registered before /:user_id
   fastify.get('/search', {
     preHandler: [fastify.authenticate]
   }, async (request, reply) => {
@@ -25,11 +25,11 @@ async function usersRoutes(fastify, options) {
     return reply.send({ users });
   });
 
-  // 以下路由都需要管理员权限
+  // Routes below require admin permission
   fastify.register(async function adminRoutes(fastify) {
     fastify.addHook('preHandler', fastify.requireAdmin);
 
-  // GET / - 用户列表
+  // GET / - User list
   fastify.get('/', async (request, reply) => {
     const { q, status, page = 1, limit = 20 } = request.query;
     const result = UserModel.list({
@@ -41,7 +41,7 @@ async function usersRoutes(fastify, options) {
     return reply.send(result);
   });
 
-  // POST / - 创建用户
+  // POST / - Create user
   fastify.post('/', async (request, reply) => {
     const { username, password, role = 'developer', name } = request.body || {};
     
@@ -62,7 +62,7 @@ async function usersRoutes(fastify, options) {
     }
     
     const passwordHash = await hashPassword(password);
-    // 创建用户时记录 created_by
+    // Record created_by when creating user
     const result = db.prepare(
       "INSERT INTO users (username, password_hash, role, name, status, created_by, created_at, updated_at) VALUES (?, ?, ?, ?, 'active', ?, datetime('now'), datetime('now'))"
     ).run(username.trim(), passwordHash, role, name || null, request.user.id);
@@ -71,7 +71,7 @@ async function usersRoutes(fastify, options) {
     return reply.code(201).send({ ok: true, user });
   });
 
-  // GET /:user_id - 用户详情
+  // GET /:user_id - User details
   fastify.get('/:user_id', async (request, reply) => {
     const { user_id } = request.params;
     const user = UserModel.findByIdWithCreator(parseInt(user_id));
@@ -97,7 +97,7 @@ async function usersRoutes(fastify, options) {
     return reply.send(result);
   });
 
-  // PATCH /:user_id - 更新用户
+  // PATCH /:user_id - Update user
   fastify.patch('/:user_id', async (request, reply) => {
     const userId = parseInt(request.params.user_id);
     const { role, status, name } = request.body || {};
@@ -144,7 +144,7 @@ async function usersRoutes(fastify, options) {
     return reply.send({ ok: true, user: updated });
   });
 
-  // POST /:user_id/reset-password - 重置密码
+  // POST /:user_id/reset-password - Reset password
   fastify.post('/:user_id/reset-password', async (request, reply) => {
     const userId = parseInt(request.params.user_id);
     const { new_password } = request.body || {};